This is my first time needing to use SSL, and I host my site on a custom Node.js server of my own making. I've been doing research on how SSL works but I'm stuck on a specific part:

How do I link my domain name with my web server IP address so that I can use SSL?

Detail:

My confusion is in the fact that (from what I think I understand), I need to link my domain name to the IP address of my web server, but the web server doesn't serve directly on that IP address, but rather at a port on that IP.

I'm trying to set my DNS A name record to pair my domain name with my website's server IP.
But the site is hosted on a certain port of the server, and the A Name record only allows the IP (no port). Doesn't the record somehow need to know to direct traffic at the right port? For example, I'm serving on port 6070; how do the DNS settings work properly if the port isn't included in the A Name Record?

I'd usually just redirect traffic from the domain name to the right IP/port, but since I need to use SSL, I think I have to link the domain to the server IP via the A Name records instead.

2 Answers
2

DNS servers only associate names with addresses and have nothing to do with ports or packet redirection. These things are done through servers, proxies, firewalls, and clients. For example, a standard HTTP request from your web browser makes a request packet addressed to (a domain name that is translated to) an IP address and port based upon standards for the protocol that it is using, which would be HTTP. FTP would use another port.

DNS servers connect the domain name to the IP address thus allowing the request packet to be addressed. Nothing more.

In this case, the A record is the correct thing to do for the parent domain (example.com). You would use a CNAME (alias) to associate any sub-domain such as www to the parent domain.

Your server would have to serve your content on port 443 or have a proxy server or firewall redirect port requests from 443 to the port you are using if not 443.

Standard HTTP requests are made on port 80. SSL (secure) HTTPS requests are made on port 443. If you simply type your domain name (example.com or www.example.com) in your browser, it would be served on port 80. In most cases where someone wants to serve HTTPS (SSL) only, they redirect web requests to using a standard redirect. For Apache, this is a fairly easy thing to do using apache2.conf or more commonly the .htaccess file if enabled and it exists.

I'm confused here, sorry. I'm still a noob in networking. I'm still trying to figure out from this what exactly it is that I need to do. I changed the A Name Record and now my domain name tries to connect directly to the IP address of my server, which throws out a Linux nginx error page. It needs to somehow know to route to the port that the web server is serving at. Once I get that, I think I should be in good shape to use SSL on the web server.
– Viziionary Oct 26 '14 at 16:22

So when I go to https://mydomain.com it's routed to the IP listed at the DNS A Name Record / port 443. Is that right?
– Viziionary Oct 26 '14 at 16:24

The browser knows the protocol port to use. It only uses the DNS to get the IP address for the domain name. All clients are designed to work this way.
– closetnoc Oct 26 '14 at 16:32

I know you have an accepted answer but I hope I can provide a much simpler one, with specific configuration advice.

First, set up DNS exactly like you would for HTTP. The protocol doesn't matter, just point traffic at your server IP.

Next, you have to instruct your server to listen for HTTPS traffic. This is the bit you were having trouble with and there are excellent examples over at Mozilla's 'Server Side TLS' wiki page. Find your server type, copy the config examples verbatim and adapt to your specific setup.

To test, I recommend Qualys' SSL Labs server test which is free and provides great feedback on how to improve your score. Good luck!
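The arrangement both answers describe (the client picks the port from the scheme, and something on the server listens on 80 and 443 and hands traffic to the app port), sketched for a Node.js setup as an added example that is not code from either answer. The host name `example.com`, the `TLS_KEY`/`TLS_CERT` environment variables and all function names are assumptions made for illustration.

```javascript
const http = require('node:http');
const https = require('node:https');
const fs = require('node:fs');

const CANONICAL_HOST = 'example.com'; // assumption: the name in the A record and on the certificate
const APP_PORT = 6070;                // the app's plain-HTTP port from the question

// The port a client connects to comes from the URL (explicit port, else the
// scheme default). DNS only ever supplied the IP address.
function effectivePort(urlString) {
  const u = new URL(urlString);
  if (u.port) return Number(u.port);
  return { 'http:': 80, 'https:': 443 }[u.protocol] ?? null;
}

// Redirect target for a request that arrived on port 80. Only path and query are
// taken from the request; the host is fixed, so a forged Host header or an
// absolute-form request line cannot steer the redirect to another site.
function httpsRedirectTarget(requestUrl) {
  let u;
  try { u = new URL(requestUrl, `http://${CANONICAL_HOST}`); } catch { return `https://${CANONICAL_HOST}/`; }
  return `https://${CANONICAL_HOST}${u.pathname}${u.search}`;
}

// Forward a decrypted request from port 443 to the app on the loopback interface.
function proxyToApp(req, res) {
  const upstream = http.request(
    { host: '127.0.0.1', port: APP_PORT, method: req.method, path: req.url, headers: req.headers },
    (appRes) => { res.writeHead(appRes.statusCode, appRes.headers); appRes.pipe(res); });
  upstream.on('error', () => { if (!res.headersSent) res.writeHead(502); res.end(); });
  req.pipe(upstream);
}

// Ports below 1024 normally need elevated privileges on Linux.
function start(keyPath, certPath) {
  http.createServer((req, res) => {
    res.writeHead(301, { Location: httpsRedirectTarget(req.url) });
    res.end();
  }).listen(80);
  const tlsOptions = { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) };
  https.createServer(tlsOptions, proxyToApp).listen(443);
}

// Usage (hypothetical variable names): TLS_KEY=key.pem TLS_CERT=cert.pem node front.js
if (process.env.TLS_KEY && process.env.TLS_CERT) start(process.env.TLS_KEY, process.env.TLS_CERT);
```

With this in front, the app itself can bind to 127.0.0.1:6070 only, so the unencrypted port is not reachable from outside the machine.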